Latest Server related questions

I'm trying to set up a VPN server with wireguard.

I have the following setup in docker compose:

version: "3.1"

services:
  wireguard:
    image: linuxserver/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - SERVERURL=someoffice.com
      - SERVERPORT=51820
      - PEERS=6
      - PEERDNS=10.0.10.1
      -  ...

We are adding login in with google to an ecom website which powers multiple domains/locales where we have a different domain for each store.

The problem is we have different privacy policies for each country. How do we manage this in a single app- or does each domain require its own application

There have been several similar questions to this, but none with resolutions.

• I can run ntpdate on the machine, and the date is updated. I assume that this means there is no firewall problem.
• I have checked the ISP and the firewall and UDP port 123 is open.

The result of ntpq -pn is:

     remote           refid      st t when poll reach   delay   offset  jitter
====================================== ...

When I try and detach cinder volumes in openstack they do not detach properly. They just get stuck in detaching.

The same thing happens if I delete an instance. The instance deletes fine but the volume does not get destroyed properly.

Here is what it shows in the log:

2023-05-24 14:49:37.090 4639 ERROR nova.volume.cinder [None req-1968ed99-1825-4ec5-9c7a-427a59d3b3d1 229aef0094cd40c8adf30f2ea52c45ba 78 ...

My logs are coming in as follows:

<134>May 24 14:39:32 edge.internal filterlog[2535]: 78,,,ffe6d10d1f27a42fc0edc3abb3a6d333,ovpnc1,match,pass,out,4,0x0,,63,61951,0,DF,6,tcp,60,10.8.0.2,20.44.17.5,44575,443,0,S,1497081603,,64240,,mss;sackOK;TS;nop;wscale

LogStash is correctly collecting the logs but the patterns is not working for some reason.

They should be matching on OPNSENSE

My inputs.con ...

I have two LDAP servers that replicate together on my LAN. I have a Pfsense CE that performs a load balancing on my two servers for the requests from the WAN. Is it possible to check the number of requests that were sent to each of my servers ? I would like to check if my load balancing is working properly. Is it possible to use the statistics features of the tool ? Thank you.

I have two application. One is a nextjs app and another is a WordPress app. Both are running in difference instances.

In order to serve my WordPress blog from my main site like https://example.com/blog, I have added the following proxy to my main site's nginx server configuration,

location ^~ /blog/ {
    http2_push_preload on;
    proxy_pass https://blog.exmaple.com/;
    proxy_http_version 1.1;
    ...

I have a PHP script running on an Apache server which is responsible for disconnecting all user sessions. For that, it makes a loop that identifies itself as the session that should be disconnected and destroys it. This procedure has no echo.

The Apache log returns HTTP code 200, saying that everything went well.

But NGINX returns the following error.

[error] 512#512: *2699 upstream sent too big header w ...

So here is my description of the problem with which I am struggling for a while. I am using Always ON VPN in user mode. VPN is deployed via a script, so the settings are the same for each machine. I have configured a certificate template that is used for VPN and that is also deployed the same for machines.

Now I have 3 machines in play all 3 on Win 11 Pro same version and updated in the same way. ...

Let us assume that we have a pool of some 50 computers with 6 cores and 12 threads each.

If someone plans to use it for intensive astrophysics simulation using all of its logical CPUs (50*12) for 24x7, how long will it be able to sustain without any physical damage? Given simple cooling with ACs and the CPUs come with their own fans. Can there be any performance degradation over time? If yes, wh ...

I keep getting this error when running my playbook on Ubuntu 22.04LTS server and have been trying to fix it for sometime now but aren't making progress.

fatal: [MY IP]: FAILED! => {"changed": false, "msg": "Failed to update apt cache: W:Updating from such a repository can't be done securely, and is therefore disabled by default., W:See apt-secure(8) manpage for repository creation and user configurat ...

When I create a server in the Hetzner Cloud Console via the "Add Server" option, I can configure the server Location, Image, Type, Networking and SSH Keys among other settings. When the server using a Debian or Ubuntu image is created, selected SSH keys are installed into /root/.ssh/authorized_keys.

Once the server is created, I can open it in the Cloud Console web interface and select the Rebuild  ...

Another day, another Hybrid Azure AD Join issue.

Having set up Hybrid Join, it looked like it was working.  The device I onboarded via autopilot was created in "on-prem" AD, was in Azure AD, but was listed as an Azure Registered device, rather than Hybrid Joined / Azure AD Joined.  

As our on-prem AD Domain Controller is in a hosted DC, meaning we have no line of sight to, I then have to sign ont ...

I have a kubernetes cluster installed with kubeadm. Currently it uses a single control plane node. I'm satisfied with this setup in terms of reliability and don't want to turn it into high-available cluster for now. I want to recreate control plane node, so I want to temporary increase control plane nodes to 3, and then to reduce them back to one. How do I do that? I'm afraid that just by turning off an ...

What is the best practice method for deploying printers to clients using the Print Management tool on a Windows Server 2019?

There are printers based in each remote office, which I would like to deployed to the device rather than the user, so if a user from another office visits, the client will have the local office printer added.

Currently, I have the AD set up as Site > Office > Workstation ...

On an interface that is connected to a 1G port I want to limit all users/sessions to have no more than 20Mbits download speed individually. I mean If two of them tried to use bandwidth at the same time each should be able to get 20Mbits.

I use this for different applications. One is Openvpn user management. So let's consider the interface is tun0. It seems that on a Ubuntu server machine the best approa ...

I've successfully installed Wireguard + UI to a Debian11 VPS with this AIO script.

But if I open the http://localhost:5000 via Webmin tunneling, I get this error:

Bad PATH_INFO : /login

• How do I fix this?

Edit2:

The problem is only occurring, if I try to reach the UI through Webmin tunneling.
Using the recommended:
ssh -L 5000:localhost:5000 [email protected] -p 22 binding works.
(Except I need to type ...

With a batch I was able to successfully join Office Systems on domain but for some reason a few are stuck and I did try the same command with changing fjoinoptions=2 and 3 but still unable to get them on domain.

wmic computersystem where name="%computername%" call joindomainorworkgroup AccountOU="OU=lab;DC=ABClab;DC=local" fjoinoptions=2 name="ABClab.local" username="ABClab\administrator" Password="@@@ ...

Everything works, ssh connects using private-public ssh key pair.
Just few things in ssh -v Ora2 output isn't clear for me.

This is complete ssh -v Ora2 output:

PS C:\Users\roeslermichal> ssh -v Ora2
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Reading configuration data C:\\Users\\roeslermichal/.ssh/config
debug1: C:\\Users\\roeslermichal/.ssh/config line 19: Applying options for Ora2
debug1:  ...

I'm currently installing a new Linux server and am trying to decide whether to use legacy mode (BIOS) or EFI. So far, I'm leaning towards legacy because it's less complex (less partitions) and has been working well so far for all our other machines. Moreover the Supermicro implementation doesn't seem to be particularly issue-free.

I'm very reluctant to use anything legacy on a new machine, but with E ...

How can I configure so smartcard login is the first choice when logging in?

Our domain is using smart card login for users and LAPS for administration of our workstation which means I cannot enforce only smartcard login.

When I start a user workstation and insert the smart card I wish for windows to select the smartcard so user can enter its PIN instead of having to click "smart card"

Are there any GPO ...

so I tried to install Ubuntu 22.04.2 in Hyper-V on my Windows Server 2012. Installation goes fine but the first boot stops on black screen and a mouse cursor which doesn't move. I found some guide to change grub config which seems to help a bit

Now it boots into login screen, I login and see the desktop, but it takes about 8 seconds before image freezes and mouse stops moving! Then I can only switc ...

I am running the shred command to securely wipe some storage.

I would like to see its progress, but have lost the ssh terminal that was running the command.

Is there a way that I can use to see the verbose output of the shred command from a new ssh terminal?

I have tried to hook into and view the output from /proc/pid/fd/0 1 2 etc but it just shows the random characters from /dev/urandom. I tried usin ...

I'm trying to archive files from /proc/net when a process crashes. This is to aid in debugging, to get understanding about the machine status when crash happened.

The contents are not regular files, but interface to internal data structures in the kernel.

# file /proc/net/arp
/proc/net/arp: empty

# cat /proc/net/arp  | head -n 3
IP address       HW type     Flags       HW address            Mask      ...

Incoming emails are mostly unchecked by SpamAssassin, although we can see in the headers that they were checked with Amavisd-new for viruses.

We've tried many things to fix it, including asking chatGPT for help, but it gave us lots to check but unfortunately no result.

The following is relevant extract from the syslog, showing the details of an incoming email, which was received but was not scanned  ...

Hi I'm trying to install kubectl following the native package install instructions on the official site, but I get the following error when I try to update apt package list before installing kubectl:

$ sudo apt update
...
Reading package lists... Done
W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is no ...

I've spent my last 2 days trying to figure out what's wrong with my setup and couldn't find a resonable answer or solution, so I want to share it with you.

What happened: I've deployed a new etcd using helm and configured external-dns to create dns records inside it, and also set-up a coredns deployment to read records from etcd.

but, the problem is, when the records are created inside etcd, coredns wo ...

I am running Plesk 18.0.44 on my Debian 9.13 server. It has multiple subscriptions and hence different users for these vhosts. I was always able to run /opt/plesk/php/7.4/bin/php -v as a vhost user (or rather some PHP commands for the applications hosted there, but php -v suffices for explaining purposes). Recently, this has stopped working with the following error message:

-su: /opt/plesk/php/7.4/bin/php ...

I have a Node Js app which interacts with CosmosDB and which is deployed to a private AKS cluster. I was able to connect to Cosmos DB through a service endpoint in the Cluster VNET/subnet for Cosmos DB by enabling 'selected networks' in Cosmos DB.

I am now trying to close it to private access only via private endpoints.

I disabled public access / so no 'selected networks' any more.

I created a private  ...

tcpdump works as expected on my machine.

tcpdump -i enx00e04c04009e -Uw - | tcpdump -en -r - vlan 201
17:52:51.447340 04:01:30:00:00:16 > 03:00:03:00:04:00, ethertype 802.1Q (0x8100), length 66: vlan 201, p 0, ethertype IPv4 (0x0800), 192.16.4.47.2013 > 192.16.4.6.5007: UDP, length 20

In my configuration I have vlan eth1.201 with ip 192.16.4.10 (possibly less relevant) and no interface is  ...